General
Target: d28bbfefa6c8613466e9606c49747a01_JaffaCakes118
Size: 160KB
Sample: 240907-ws51kaxcjj
MD5: d28bbfefa6c8613466e9606c49747a01
SHA1: 167fe905cac4f9236bd403dc288d881f450797dd
SHA256: 282366d12aa0428ed08a2c8d3378e5b1a584f6212896957df7a9ab5a1be14bdf
SHA512: 27b16f515a79e6ad12c768a3f5a25daaff03048f15178b1e437b85086b1a158849f399ebdbe37f448992e207714d818faed0fb9d52da31cc9435c8814541a5bf
SSDEEP: 3072:p6kTQEVLXapGlY0wRmWOl5i6wJjHQgQzEIbdU:p7MEVXVFwRmWcuad
Static task: static1
Behavioral task: behavioral1
  Sample: d28bbfefa6c8613466e9606c49747a01_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d28bbfefa6c8613466e9606c49747a01_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: d28bbfefa6c8613466e9606c49747a01_JaffaCakes118
Score: 10/10
Modifies visibility of hidden/system files in Explorer
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)